
WordPress Single Sign-On (SSO) using Google Apps / G Suite as IDP

Use G Suite / Google Apps as the identity provider (IdP) for WordPress Single Sign-On (SSO) with the WP Cloud SSO plugin.

This setup guide explains how to set Google Apps as your IdP and allow SSO for your WordPress users, map G Suite / Google Apps users to WordPress roles, and enable the single sign-on experience while securing access to WordPress.


1.) Set up G Suite / Google Apps as IdP for WordPress

To configure G Suite/Google Apps as IdP please follow the steps below:

  • In the WP Cloud SSO plugin, go to the Service Provider Metadata section, where you will find the SP metadata, such as the SP Entity ID and ACS (AssertionConsumerService) URL, which are necessary to configure the Identity Provider;
  • Navigate to https://admin.google.com and log in to the Administrator account;
  • Go to the Apps tab on the left menu and click on Web and mobile apps;
  • Click on the Add App button. In the dropdown, select Add Custom SAML app to create a new SAML app;
  • Click on the Continue button;
  • On the next step, click on the Continue button;
  • In the ACS URL field, insert the value of the ACS URL field from the Service Provider Metadata page of the plugin;
  • In the Entity ID field, insert the value of the Entity ID field from the Service Provider Metadata page of the plugin;
  • Select Name ID format as EMAIL;
  • Select Name ID as Primary email;
  • Click on the Continue button;
  • Click on the Finish button;
  • On the main page of the created SAML application, click on OFF for everyone;
  • Select Service status as ON for everyone;
  • Click on the Save button.

2.) Configure WordPress as SP

In the WordPress WP Cloud SSO plugin, go to the Identity Provider Setup tab of the plugin.

There are 2 ways to configure the WordPress SSO plugin:

3.) Google Apps Attribute Mapping

Note: The attribute mapping feature is only available on paid plans.

  • Navigate to the SAML application configured in the previous steps in the Google Administration;
  • Click on the Configure SAML attribute mapping button;
  • Select the necessary attributes and click on the Save button; 
  • Navigate to the Identity Provider Setup page of Plugin;
  • Select configured Google Apps identity provider;
  • Click on the Test Configuration button;
  • Login via Google Apps account;
  • Check that the attributes were successfully fetched from Google Apps;
  • Go to the Attribute/Role Mapping page of the plugin;
  • Insert the received attributes from Google Apps IDP to the necessary field of the Attribute mapping section related to default WordPress user attributes;
  • Click on the Save button;
  • Congratulations! You have successfully set up attribute mapping for the firstName and lastName attributes from the Google Apps IdP. After a login to WordPress via the Google Apps identity provider, the firstName and lastName attributes will be mapped to the user. Repeat this setup for any other necessary attributes.

4.) Google Apps Role Mapping

WordPress has 7 pre-defined roles:

  •  Administrator
  •  Editor
  •  Author
  •  Contributor
  •  Subscriber
  •  Customer

To configure default role mapping, please follow the steps below:

  • Go to the Attribute/Role Mapping page of the Plugin;
  • In the Role Mapping section, select the necessary role from the WordPress predefined roles;
  • Click on the Save button.

To configure multiple group mapping based on group membership, follow the steps below:

Note: The multiple mapping feature is only available on paid plans.

  • First of all, you need to configure Google Apps to send the Group attribute (this attribute carries all of the user's groups);
  • Go to the configured saml application in Google Administration;
  • In the Group membership section, select the groups that should be sent;
  • Enter App Attribute as groups;
  • Click on the Save button;
  • Go back to the Identity Provider Setup page of the Plugin;
  • Select the configured Google Apps Identity provider;
  • Click on the Test Configuration button;
  • See that group attributes were successfully fetched;
  • In the next step go to the Attribute Mapping page of the Plugin;
  • Insert the source Group attribute from Google Apps as the target Group attribute;
  • Click on the Save button in the Attribute Mapping section; 
  • Insert the value of the target Group attribute from Google Apps to the necessary role of WordPress;
  • Click on the Save button in the Role Mapping section;
  • After this, all users whose group attribute has the value administrators will be assigned the Administrator role in WordPress, and all users whose group value is editors will be given the Editor role. If a user has multiple groups, as in the screenshot below, the user will be assigned the first role found. In the case of the screenshot, the user will be given the Administrator role.
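
The attribute and group mapping from sections 3 and 4, as an added example (not code from the WP Cloud SSO plugin): it reads firstName, lastName and groups from a constructed assertion, resolves the WordPress role on a first-match basis, and flags logins where more than one mapped role matched, which is where the assigned role depends on mapping order. The mapping order, the `subscriber` default and all function names are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample of the attributes a Test Configuration run would show.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>editors</saml:AttributeValue>
      <saml:AttributeValue>administrators</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical role mapping table, listed in the order it is evaluated
# (assumption: the first matching row wins, whatever the user's group order).
ROLE_MAPPING = [("administrators", "administrator"), ("editors", "editor")]
DEFAULT_ROLE = "subscriber"  # assumed default role from the Role Mapping section


def parse_attributes(xml_text):
    """Return {attribute name: [values]} from the assertion's AttributeStatement."""
    # Reads attributes only; the assertion is taken to be signature-checked already.
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def resolve_role(groups, mapping=ROLE_MAPPING, default=DEFAULT_ROLE):
    """Return (assigned role, every mapped role the user's groups match)."""
    matches = [role for group, role in mapping if group in groups]
    return (matches[0] if matches else default), matches


def audit(xml_text):
    """Summarise one login and flag it when more than one mapped role matched."""
    attrs = parse_attributes(xml_text)
    role, matches = resolve_role(attrs.get("groups", []))
    name = " ".join((attrs.get(k) or [""])[0] for k in ("firstName", "lastName"))
    return {"name": name, "role": role, "order_dependent": len(matches) > 1}


if __name__ == "__main__":
    print(audit(SAMPLE_ASSERTION))
```

Logins flagged `order_dependent` are the ones to review when the winning role is Administrator, since reordering the mapping would change the privilege granted.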

6.) Google SSO Login Button - Redirect to IDP

Next, enable your Google Apps / G Suite SSO login buttons, which can be found on the SSO Links tab. Follow the SSO Login Widget page for setup instructions.


7.) Multiple Environments Feature

For more information about the Multiple Environments Feature, see the Multiple Environments SSO page.